The UK government has decided to allow Huawei’s equipment in national 5G networks in a limited role following a security review.
In an expected but notable move, the UK’s National Security Council (NSC) made the decision today following a meeting chaired by Prime Minister Boris Johnson.
Digital Secretary Baroness Morgan said: “We want world-class connectivity as soon as possible but this must not be at the expense of our national security. High-risk vendors never have been and never will be in our most sensitive networks.
“The government has reviewed the supply chain for telecoms networks and concluded today it is necessary to have tight restrictions on the presence of high-risk vendors.”
Huawei has been under scrutiny over alleged ties to the Chinese government, an allegation the company has repeatedly denied. The US has urged the UK to ban equipment from the Chinese vendor over national security concerns and American officials issued their British counterparts with a dossier highlighting perceived risks earlier this month.
The UK has always maintained that any decision on Huawei would be evidence-led and based on its own reviews, but the result is nonetheless likely to anger its closest ally. However, as the UK leaves the EU on Friday, it’s a clear sign the country will act independently and not at the behest of American or European influence.
British officials from senior government departments held a meeting last Wednesday and made the recommendation to allow the Chinese network vendor in a “limited role” in national 5G networks. Today, that recommendation was made final.
Huawei, and other “high-risk” vendors, will face the following restrictions:
Excluded from all safety-related and safety-critical networks in critical national infrastructure.
Excluded from security-critical ‘core’ functions, the sensitive part of the network.
Excluded from sensitive geographic locations, such as nuclear sites and military bases.
Limited to a minority presence of no more than 35 percent in the periphery of the network, known as the access network, which connects devices and equipment to mobile phone masts.
Governing that Huawei has no more than 35 percent presence in the periphery of the overall 5G network is particularly interesting. This restriction ensures that if Huawei’s equipment was later compromised, or deemed too risky, around two-thirds of the UK’s 5G network would remain unaffected.
Back in September 2018, a Canadian official argued that allowing Huawei to operate improves security. If a specific vendor’s equipment is compromised, having others in operation means less of the overall network is affected.
While Huawei will be breathing a sigh of relief at the UK’s decision – so will the country’s providers. In a statement, BT wrote: "This decision is an important clarification for the industry. The security of our networks is an absolute priority for BT, and we already have a long-standing principle not to use Huawei in our core networks. While we have prepared for a range of scenarios, we need to further analyse the details and implications of this decision before taking a view of potential costs and impacts."
All four of the UK’s major operators had already begun deploying 5G equipment from Huawei. Stripping Huawei’s gear and buying and installing replacements would have been costly and time-consuming.
Andrew Stark, cybersecurity director at Red Mosquito, said:
“With Huawei kit already integral to the UK 3G and 4G networks, shifting to 5G with them offers the path of least resistance and increases chances of telecom companies meeting tight roll-out targets. There are currently only two other tech players capable of providing hardware for 5G, namely Nokia and Ericsson.”
The UK says its decision was made after the NCSC “carried out a technical and security analysis that offers the most detailed assessment in the world of what is needed to protect the UK’s digital infrastructure.”
However, not all of the UK government will be so welcoming of today’s news. Conservative MP Bob Seely recently said "to all intents and purposes [Huawei] is part of the Chinese state" and involving the company would be "to allow China and its agencies access to our network.''
While UK intelligence officials clearly decided the benefits outweigh the risks, several concerns have been raised about Huawei’s equipment in recent years.
The dedicated Huawei Cyber Security Evaluation Centre (HCSEC) reported in 2018 that it could no longer offer assurance that the risks posed by the use of Huawei’s equipment could be mitigated following the “identification of shortcomings in Huawei's engineering processes". Concerns were raised about technical issues limiting security researchers' ability to check internal product code and the sourcing of components from outside suppliers which are used in Huawei's products.
A follow-up report from HCSEC in March 2019 slammed Huawei as being slow to address concerns and claimed that “no material progress has been made by Huawei in the remediation of the issues reported last year, making it inappropriate to change the level of assurance from last year or to make any comment on potential future levels of assurance.”
Just a month earlier, the Royal United Services Institute (RUSI) – the world's oldest independent think tank on international defence and security – warned about the use of Huawei equipment: “It is far easier to place a hidden backdoor inside a system than it is to find one,
"In the likely, but unacknowledged, battle between Chinese cyber attackers and the UK’s Huawei Cyber Security Evaluation Centre, the advantage and overwhelming resources lie with the former."
The UK’s approach to Huawei has been decided, but it doesn’t feel like the end of the debate.
15:00 update: Added statement from BT.
Interested in hearing industry leaders discuss subjects like this and sharing their use-cases? Attend the co-located IoT Tech Expo, Blockchain Expo, AI & Big Data Expo, Cyber Security & Cloud Expo and 5G Expo World Series with upcoming events in Silicon Valley, London and Amsterdam and explore the future of enterprise technology.